Added check that only the dropbear user is allowed to login if it is running as non-root. Removed the log message,
--- loginrec.c 2013-04-15 08:01:58.000000000 -0600 +++ loginrec.c 2013-04-17 06:01:57.000000000 -0600 @@ -329,8 +329,6 @@ login_write (struct logininfo *li) { #ifndef HAVE_CYGWIN if ((int)geteuid() != 0) { - dropbear_log(LOG_WARNING, - "Attempt to write login records by non-root user (aborting)"); return 1; } #endif --- svr-auth.c 2013-04-15 08:01:58.000000000 -0600 +++ svr-auth.c 2013-04-17 06:00:22.000000000 -0600 @@ -226,6 +226,7 @@ static int checkusername(unsigned char * char* listshell = NULL; char* usershell = NULL; + int uid; TRACE(("enter checkusername")) if (userlen > MAX_USERNAME_LEN) { return DROPBEAR_FAILURE; @@ -255,6 +256,18 @@ static int checkusername(unsigned char * return DROPBEAR_FAILURE; } + /* check if we are running as non-root, and login user is different from the server */ + uid=geteuid(); + if (uid != 0 && uid != ses.authstate.pw_uid) { + TRACE(("running as nonroot, only server uid is allowed")) + dropbear_log(LOG_WARNING, + "Login attempt with wrong user %s from %s", + ses.authstate.pw_name, + svr_ses.addrstring); + send_msg_userauth_failure(0, 1); + return DROPBEAR_FAILURE; + } + /* check for non-root if desired */ if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) { TRACE(("leave checkusername: root login disabled"))